DETAILED ACTION



1. The RCE of 7/7/06 has been received and entered.

2. Claims 1,3,6,9-11,13-15 and 20-33 are pending. 



Response to Amendments 
3. In response to the Applicant's amendments in the RCE, the rejections under 35 USC 112 
have been withdrawn. 



The applicant's amendments to overcome the prior art of Stefik come with the arguments and 
rationale as recited in page 10 wherein the Applicant states: 



Applicant respectfully submits that Stefik also fails to teach or suggest the claimed verifying step
which is performed, as recited in amended claim 1, after the transfer of the digital credential.
Stefik, as applied to the Examiner, discloses the opposite, i.e., the verification (that all conditions
associated with the rights are satisfied) is performed before the transfer (of the digital work from
Repository 1 to Repository 2)

In light of the Applicant's new amendments and points of focus, the Examiner has changed the 
scope of the rejection and the particular passages relied upon below. 



Applicant also argues with respect to claim 6 that the digital credential of Stefik is not
equivalent to the ID certificate.

Such arguments however are not persuasive because they fail to exactly define what an ID
certificate is. If there are particular elements which comprise an ID certificate, Applicant is free
to amend such clarifying limitations into the claimed ID certificate. However, the Examiner has
not found a compelling argument by the Applicant which would not allow the ID certificate to be
read as obvious over the digital credential of Stefik.

Applicant's additional arguments appear to rest on the amended subject matter wherein Stefik 
does not disclose that a particular set of actions occurs after the digital credential has been 
transferred. 

However, Stefik (Column 31, lines 5-45) reveals that there are several levels of authentication and
authorization. For example, where figure 1 and column 7, lines 5-37 indicate the establishing of
a secure session wherein the digital credential is transferred, (Column 31, lines 5-46) indicates
the starting and ending points of a transaction where it is assumed that a trusted session is
already in place.

Unlike the initial authorization and authentication process, Stefik (Column 31, lines 5-46) requires
a further verification of the art with respect to its rights to see whether or not such a transaction is
permitted to take place.

To understand these steps with regards to Stefik, Stefik uses a digital work which is combined
into a digital credential. Attached to the digital works are rights which provide the boundaries
within which the art must be used. For example, suppose the digital work was a digital
document. Initially Stefik discloses some authorization policy which must be verified in order
for the work to be transferred.

Once the work has been transferred however, additional sessions of authorization are required.
The rights of the work might say that that particular digital document may only be printed FIVE
times as denoted by a print-count. Once the document has been printed, if it is desired that
the document be printed again, yet another authorization must be performed in which the document
may only be printed FOUR times now.

In this way, the digital work may continue to be verified against a digital policy AFTER the 
work has been transferred. 

Claim Rejections - 35 USC §102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

5. Claims 1,3,9-11,13-15 and 20-33 are rejected under 35 U.S.C. 102(b) as being anticipated
by Stefik et al, US patent 5629980.

In reference to claim 1:

Stefik (Figure 1) & (Column 7, lines 5-37) & (Col 6, lines 50-56) discloses a method of 
exchanging a digital credential between a first computer node and a second computer node, the 
method comprising 

• Establishing a secure connection between the first node and second node over a 
communication network, where the secure connection is established between the 
repositories. (Column 27, lines 30-42) & (Column 7, lines 40-45) 

• establishing trust or increasing the level of trust between the first and second nodes by 

o Transferring a digital credential from the first node to the second node over the 
secure connection, where the digital credential is the digital work which also 
contains the digital authorization (Column 7, lines 5-37) & (Column 7, lines 55- 
65) 

o After said transferring, verifying the trustworthiness of the transferred digital 
credential against at least one policy of the second node, where the digital 
credential is the digital work which also contains the digital authorization, and 
where the verification performed is a determination that all conditions associated 
with the rights condition are satisfied. (Column 31, lines 5-62)

• Upon a determination that the digital credential satisfies said at least one policy,
conducting a transaction between the first and second nodes over the secure connection, 
where the transaction that takes place is the rendering of the digital content, and the 
policy that is satisfied is the digital rights which must be complied with to render the 
content (Column 31, lines 5-62) 

• Monitoring, in real time, the digital credential that has been transferred over said secure 
connection, (Column 31, lines 5-62) wherein the digital credential is monitored against 
the prevailing set of digital rights which serve as conditions under which the rendering of 
the digital content must abide by at all times. 

In reference to claim 3: 

Stefik discloses a computer system according to claim 1, wherein the digital credential is an 
attribute credential of an entity at the first node, said entity being a user or a system or a service, 
where the digital credential is the usage rights to a work, and where the usage rights are an 
attribute credential of another entity, the system of the digital work. (Column 41, lines 45-57) & 
(Figure 10) & (Column 9, line 7 - Column 11, line 30, "Structure of a digital work") & (Column 
6, lines 50-56) 

Claims 9, 10 are substantially similar to claim 1 and are rejected for the same reasons. The
processor structure is recited in (Column 14, lines 5-27)

Claim 11 is substantially similar to claim 23 and is rejected for the same reasons.

In reference to claim 13:

Stefik discloses a computer system according to claim 10, wherein the processors are further 
configured to perform the method of claim 20, and at least one of the first node and second node 
further comprises said graphical user interface. (Column 16, lines 42-67) 

In reference to claim 14: 

Stefik discloses a computer system according to claim 11, wherein the second node further 
comprises 

o Said graphical user interface; (Column 16, lines 42-67) and 

o A controller for allowing the user to change status of the digital credentials in real time 
where the controller for allowing the user to change is the keyboard. (Column 16, lines 
42-67) 

Claim 15 is substantially similar to claim 1 and is rejected for the same reasons.

In reference to claim 20:

Stefik discloses a method according to claim 1, further comprising 

Presenting, via a graphical user interface and in human-readable format, to a user at either or 
both of said first and second nodes the digital credential that has been transferred over the secure 
connection, where the human readable format is the digital rights grammar. (Figure 15) &
(Column 7, lines 5-38) & (Column 16, lines 42-67) 

In reference to claim 21:

Stefik discloses a method according to claim 20, wherein said presenting comprises displaying,
by said graphical user interface, properties of said digital credential on a display, said properties
comprising credential type, credential issuer, credential holder, and validity period, where the
credential type is the type of the right (Figure 15, Item 1510, 1520, 1503, et seq.), whether it be
copying, printing, or distributing, where the credential issuer is the owner (Figure 15, Item 1525),
where the validity period is the Time Spec (Figure 15, item 1512), and where the credential
holder is the holder of the current authorization (Figure 15, Item 1516) or the ID of the rendering
device (Figure 15, Item 1504) and where the digital credential is presented to the user in the form
of a digital rights grammar.

In reference to claim 22: 

Stefik discloses a method according to claim 1, further comprising: 

o Presenting, via a graphical user interface and in human-readable format, to a user at said first node
a list of credentials of said user;

o Allowing the user to select at least one of the credentials from said list as the digital
credential to be transferred over the secure connection. (Column 19, line 55 - Column 20, line 7)



In reference to claim 23: 

Stefik discloses a method according to claim 1, further comprising:

o Establishing a plurality of secure connections between the second node and a plurality of 
said first nodes over the communication network, where the plurality of first nodes 
additionally include an authorization repository, and a master repository (Column 27, 
lines 5-56) 

o Presenting, via a graphical user interface and in human-readable format, to a user a list of 
digital credentials which have been transferred over the respective secure connections 
and verified to be trustworthy, where the human-readable format is the rights grammar. 
(Figure 15) and the user interface (Column 16, lines 42-67) 

o Allowing the user to monitor and intervene on the credentials in real time, where the
credentials and user rights change as the user uses or exercises the rights of the digital
work such as a copy count. (Column 36, lines 3-28) & (Column 24, lines 25-35) &
(Column 25, line 20 - Column 26, line 35)

In reference to claim 24: 

Stefik (Figure 15) discloses a method according to claim 23, wherein said presenting comprises 
displaying, by said graphical user interface, properties of at least one of said credentials of the 
list on a display, said properties comprising credential issuer, credential holder, and validity 
period. 



In reference to claim 25: 

Stefik discloses a method according to claim 1, wherein said transaction comprises providing,
over the secure connection, access by the first node to a service provided by the second node;
said method further comprising

o Requesting by the first node, another digital credential from the second node; (Column 7,
lines 5-37) & (Figure 1)

o Determining by the second node, whether the first node is entitled to receive the
requested digital credential, and upon a positive determination, transmitting the requested
digital credential from the second node to the first node over the secure connection.
(Column 7, lines 5-37) & (Figure 1)

• Monitoring, in real time and by said second node, the requested digital credential that has
been issued by said second node and transferred to said first node. (Column 31, lines 5-62)



In reference to claim 26: 

Stefik discloses a method according to claim 25, wherein said requesting, determining and 
transmitting are performed as part of said establishing trust or increasing the level of trust 
between the first and second nodes and are followed by 

o Examining by the first node, the requested digital credential received from the second 
node prior to the transfer of the digital credential from the first node to the second node. 
(Column 7, lines 5-37) & (Figure 1) 

In reference to claim 27:

Stefik discloses a method according to claim 25, wherein said requesting, determining and 
transmitting are performed after said establishing trust or increasing the level of trust between the 
first and second nodes and are followed by 

o Using, by the first node, the requested digital credential received from the second node to 
establish trust or increase the level of trust between the first node and a third node which 
is coupled to said first node via the communication network and over another established 
secure connection, where the third node is the master repository. (Column 7, lines 5 - 
Column 8, line 20) & (Figure 2) 

In reference to claim 28: 

Stefik discloses a computer node according to claim 15, further comprising a credential 
validation server module executable by the processor for executing a two-phase control on the 
digital credential, said two phase control comprising: 

o A first phase in which said credential validation server module interacts with at least one
external entity to check if the digital credential is still valid, where a validation is
determined with respect to time. (Column 7, lines 5-37) & (Column 21, line 45 -
Column 22, line 30) & (Column 36, lines 3-28) & (Column 42, lines 5-21)

o A second phase in which said credential validation server module verifies the
trustworthiness of the received digital credential against at least one policy by checking
on at least one of the explicit constraints on the validation path, the issuer of the digital
credential, and the context in which the digital credential has been issued, where the
second phase is performed with respect to the policy which is the set of usage rights for
the digital content that must be followed. (Column 7, lines 5-37)

o An additional two phase system for the transference of the digital work/rights is
presented in (Column 34, lines 1-34)

In reference to claim 29: 

Stefik discloses a computer node according to claim 28, further comprising an authorization
server module executable by the processor for at least one of evaluating said at least one policy,
modifying said at least one policy, and reloading the modified policy on the fly without service
disruption, where the policies that must be followed are the rules set forth by the usage rights
(Column 7, lines 5-37) & (Column 20, lines 38-50, 55-67)

In reference to claim 30: 

Stefik discloses a computer node according to claim 29, further comprising a credential content
management module executable by the processor for

o Abstracting the digital credential to be a collection of attributes independent of an
original format of said digital credential, where the digital credentials are abstracted as a
grammar which specifies the digital rights, and where each of the attributes is independent
in that each attribute controls a different right. (Figure 15) & (Column 17, "usage rights
language" section, column 17, line 64 - Column 26, line 35)

o Returning the abstracted digital credential to the credential validation server module,
where the digital credentials are verified or validated to determine if the rights are
satisfied so that the digital content may be used. (Column 7, lines 5-37) & (Column 36,
lines 3-28) & (Column 42, lines 5-21)

In reference to claim 31:

Stefik discloses a computer node according to claim 30, further comprising a user context
manager module executable by the processor for

o Receiving the abstracted digital credential from the credential validation server module,
and storing the abstracted digital credential in a user context area for an entire lifetime of
said secure connection, where the digital credential is the authorization containing the
usage rights which are stored with the digital work. (Column 3, lines 50-61) & (Column
7, lines 5-37) & (Column 7, lines 55-65)

In reference to claim 32: 

Stefik discloses a computer node according to claim 31, further comprising an object pool 
manager module executable by the processor for dynamically managing the content of multiple 
said user context areas stored by the user context manager module, wherein 

o Said managing comprises at least one of modifying, adding, removing, and disabling one
or more digital certificates stored in the user context areas, where the digital work may be
deleted, and where the credential/digital certificate is a part of the digital work. (Column
25, lines 22-30) & (Column 7, lines 55-65) & (Column 23, lines 10-30) & (Column 11,
lines 45-53)

o Said authorization server module accesses one or more of the user context areas and
evaluates said at least one policy against the content of said one or more of the user
context areas, where the policy that must be obeyed is the constraints of the usage
rights. (Column 7, lines 5-37) & (Column 7, lines 55-65) & (Column 4, lines 13-24)

In reference to claim 33: 

Stefik (Column 31, lines 5-66) discloses the method of claim 1, wherein said monitoring
comprises at least one of (1) checking the validity of said digital credential and (2) verifying the
trustworthiness of said digital credential against said at least one policy, by said second node and
either periodically or at user's initiative, wherein the validity of the digital credential is verified
by checking the prevailing set of digital rights which it must abide by, the transaction being initiated
by the user when the user desires to render the content.

Claim Rejections - 35 USC §103

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

7. Claim 6 is rejected under 35 U.S.C. 103(a) as being unpatentable over Stefik, US patent
5629980.

In reference to claim 6: 

Stefik fails to explicitly disclose a method according to claim 1, wherein the digital credential is 
an identity certificate of a user. 

However, the use of identity certificates of users is well known in the art. For example, Stefik
employs them as another digital credential to be used to help establish the identity of the
repository, and hence, the user of the repository (Column 27, line 30 - Column 28, line 31) &
(Column 13, lines 59-67)

Stefik furthermore discloses that the authorizations (Column 22, lines 57-67) themselves use 
certificates. (Column 41, lines 40-57) 

It would have been obvious to one of ordinary skill in the art at the time of invention to have the
digital credential be an identity certificate of a user in order to use a well known method which
allows the user to be properly authenticated, and the user may be properly assigned the privileges
associated with his or her digital identity.



Application/Control Number: 10/077,851 
Art Unit: 2134 




Conclusion 



8. Any inquiry concerning this communication from the examiner should be directed to 
Thomas M Ho whose telephone number is (571)272-3835. The examiner can normally be 
reached on M-F from 9:30 AM - 6:00 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Gilberto Barron can be reached on (571)272-3799. 

The Examiner may also be reached by email at Thomas.Ho6@uspto.gov

Any inquiry of a general nature or relating to the status of this application or proceeding should 
be directed to the receptionist whose telephone number is (571)272-2100. 

General Information/Receptionist Telephone: 571-272-2100 Fax: 571-273-8300 
Customer Service Representative Telephone: 571-272-2100 Fax: 571-273-8300 